Upload
james-robertson
View
219
Download
0
Embed Size (px)
DESCRIPTION
The real issues in IT Audit, cutting through mythology and mystique to examine the factors that should really be examined in IT Audits, ranging from strategic alignment and governance through to effective IT staff alignment with the business through boots in the mud socialization
Citation preview
1
The Problem of IT Mythology and Mystique - Bringing IT Audit Down to Earth
www.JamesARobertson.com
Dr James Robertson PrEng
2nd Annual IT Audit Challenge Forum 20081st to 3rd December 2008
2
An industry characterized by failure
“19 out of 20 E.R.P. Implementations do
NOT deliver what was promised”
Duncan McLeod
3
Extreme failures
Seven years and half a billion dollars -- international chemicals company
$400 million -- multinational shoe corporation
Multinational entertainment giant -- $878 million
Major supermarket chain -- $195 million
1.
2.
3.
4.
4
"I.T. is the next corporate disaster waiting to happen”
Pending disaster
5
Pending epidemic
6
Is I.T. Audit delivering?
There is a need for a new approach
7
8Engineer against failure
9
Engineers do not design bridges to stand up, they design them
not to fall down...
10
What is NOT an engineering approach?
11
Software as magic
12
The content is the same -- always -- binary code
13
Positioning this presentationInformation technology can and should add value
14
What is strategy?
15
Strategy
Doing the right things
Professor Malcolm McDonald
16
Tactics
Doing things right
Professor Malcolm McDonald
17
The relationship between strategy and tactics
Strategy -- doing the right things
Professor Malcolm McDonald
Tac
tics
--
thin
gs
rig
ht
Thrive
18
The relationship between strategy and tactics
Professor Malcolm McDonald
Survive
Strategy -- doing the right things
Tac
tics
--
thin
gs
rig
ht
19
The relationship between strategy and tactics
Professor Malcolm McDonald
Die
Strategy -- doing the right things
Tac
tics
--
thin
gs
rig
ht
20
The relationship between strategy and tactics
Professor Malcolm McDonald
Die slowly
Die fast
Strategy -- doing the right things
Tac
tics
--
thin
gs
rig
ht
21
The relationship between strategy and tactics
Professor Malcolm McDonald
SurviveDie slowly
Die fast
Thrive
Strategy -- doing the right things
Tac
tics
--
thin
gs
rig
ht
22
23
Information technology mythology (30%)
Lack of executive custody and inappropriate policies (20%)
Lack of strategic alignment (15%)
Lack of an engineering approach (12%)
Poor data engineering (10%)
People / soft issues (8%)
Technology issues (5%)
1.
2.
3.
4.
5.
6.
7.
Critical factors to manage to prevent failure
65%
Remember that technology is value inert
24
25
Executive Custody (25%)
Strategic Solution Architecture (18%)
Strategic Alignment (16%)
Business Integration and Optimization (14%)
Programme Schedule, Budget and Resource Management (12%)
Data Engineering (10%)
Technology Components (5%)
1.
2.
3.
4.
5.
6.
7.
Critical factors for success
59%
Thrive
R e c a
p
26
What is IT -- Really?
27
Back to basics
28
Advanced technology is not necessarily the answer
Over 30 years old and four years older
Still flying and only in a museum
Lo tech and hi tech
29
Clean up your data
30
Organize your data
31
From chaos to order
32
Why do we need IT security and audits?
Occasional crime and fraud
Set basic standards
Basic disciplines
... ?
1.
2.
3.
4.
No big deal?
33
Are we using a sledge hammer to crack a nut?
34
Potential murder weaponThree signaturesPassword changed dailyOnly used under supervision of a senior manager
))))
Or Utility tool that most people own with no control
Is the hammer bogged down in red tape?
35
What is really needed?
Some practical policies
One page, no more than 7 to 10 points
Easily understood by all staff who use computers
Non-intrusive
Does NOT interfere with the business of the business
Non-I.T. non-audit people can understand the relevance and adopt as their own
I.T. is ALL about people!
1.
2.
3.
4.
5.
6.
7.
36
Retain your OS and Office Suite and use the same machinesfor 6 years+
37
E.R.P. -- Invest for 20 years
38
Sustainable I.T. and E.R.P. support
39
Give people the tools
40
“the customer is NOT an interruption of your day the customer is the reason for your day”
Train I.T. staff to delight customers
41
“boots in the mud”
Make your I.T. staff an integral part of your business
42
Identify your core strategic drivers and then strengthen them
43
Align I.T. to support the core business
44
Business systems instead of I.T.
45
Executive custody -- OUR system
Leadership is 50% of success
46
Bringing IT Audit Down to Earth
I.T. operations are primarily an engineering and customer service function
Define and audit engineering standards
Define and audit customer service standards
Be practical -- enduring secret passwords with discipline -- do NOT change the lock every month
Short, practical, doable documents that people understand
Basic pragmatic measures, there are NO magicians out there
Educate users and executives and avoid mythology and jargon
1.
2.
3.
4.
5.
6.
7.
47
What is your single most important insight from this presentation?
What is the single most practical action that you can take tomorrow to apply I.T. more effectively?
1.
2.
Call to action
New insight that does not result in action within 48 hours is wasted
48
Acknowledgement and dedication
Clients, associates and staff
Father and mother Angus and Thelma
Children Alexandra and Struan
Fiona, Ingrid, Sandra and Helene
To the glory of the Eternal Creator
Psalm 136:5 "To Him who by wisdom made the heavens, for His mercy endures forever;"